US20120288071A1 - System and Method for Authenticating Users of Online Services - Google Patents

Publication number
US20120288071A1
Authority
US
United States
Prior art keywords
user
electronic
response
address
telephone number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/555,999
Inventor
Koushik Chatterjee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CenturyLink Intellectual Property LLC
Original Assignee
CenturyLink Intellectual Property LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CenturyLink Intellectual Property LLC
Priority to US13/555,999
Assigned to EMBARQ HOLDINGS COMPANY, LLC: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHATTERJEE, KOUSHIK
Assigned to CENTURYLINK INTELLECTUAL PROPERTY LLC: CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: EMBARQ HOLDINGS COMPANY, LLC
Publication of US20120288071A1
Legal status: Abandoned

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 (under H04L9/32) using challenge-response
    • H04L9/321 (under H04L9/32) involving a third party or a trusted authority
    • H04L9/3226 (under H04L9/32) using a predetermined code, e.g. password, passphrase or PIN
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2209/80 Wireless

Definitions

  • Online communities have become more prevalent in recent years. The online communities have developed into personal websites for individuals to present themselves to others. Social networking websites, such as myspace.com, are one example of an online community. Generally, these personal websites enable other users to interact by posting information and emailing the author of the website.
  • problems that have developed in these online communities include identity misrepresentation for fun and mischief.
  • imposters may use another person's name and information to set up a website to misrepresent who the owner of the website actually is to disparage the actual person, embarrass the real person, draw attention to other websites for improper reasons, or other mischievous activity.
  • an imposter may set up a webpage and use a famous person's name and likeness (e.g., Tom Cruise), and promote a product, thereby making it look as if the famous person is endorsing the product when, in actuality, the endorsement is fraudulent. While this sort of activity may occur on an online community, it may also occur with other online activities, including websites for businesses.
  • a number of online applications have developed solutions to try and minimize the ability for online fraud to occur.
  • One such online application is Paypal, which is an online payment system.
  • the Paypal online banking system requires that a user provides information for a real world bank account and the Paypal online banking system deposits a small amount of money into the real world bank account and requires that the customer verify that the money is deposited.
  • Another online application, emigrantdirect.com, has customers fill out a form that provides a real world bank account.
  • the emigrantdirect.com online banking system deposits two small amounts of money into the bank account and then the customer verifies the amounts that were deposited.
  • ticketmaster.com verifies that a user is human and not a web robot or web-bot. This system presents an image with a word and asks for the user to type in the word being displayed in the image. This type of system verifies that a human is using the website, but it does not authenticate who that user is.
  • the principles of the present invention provide for a system and method for authenticating users of online services associating an electronic message address with an interactive communication address.
  • the electronic message address is an email account and an interactive communication address is a telephone number.
  • One embodiment includes a method and system for authenticating a user of a service.
  • the method may include maintaining a database on a network, where the database includes a name, electronic message address, and telephone number of a user.
  • a personal identification number may be sent in a first electronic communication to an electronic message address associated with the user as stored in the database.
  • the user may be called at a telephone number associated with the user as stored in the database.
  • the user may be queried for at least a portion of the personal identification number sent in the first electronic communication.
  • a response code from the user in response to the query may be received.
  • a confirmation that at least a portion of the personal identification number and response code match may be performed.
  • a method and system for verifying authenticity of an online usage of a user may include sending a message in an electronic communication to an electronic message address of a user, interactively communicating with the user a request for a response including at least a portion of the message sent to the user, and determining if a response to the request from the user matches at least a portion of the message sent to the user.
  • the message may include a personal identification number, other code, or image.
  • the interactive communication may be a telephone call to the user.
  • a certification link may be provided to the user for posting on a website or within an email to enable another user to select the communication link and have authentication information of the user be provided to the other user. Such authentication information may enable the other user to have confidence that the user whose website the other user is accessing or email the other user receives is authentic and not a misrepresentation of the user by another person impersonating the user.
  • another embodiment may include a method and system for providing an authentication notice on a website or email.
  • the method may include supplying an electronic message address and interactive communication address to an authentication authority.
  • a message may be received from the authentication authority at the electronic message address.
  • An interactive communication may be received from the authentication authority at the interactive communication address.
  • the user may provide a response including at least a portion of the message received from the authentication authority in response to receiving the interactive communication from the authentication authority.
  • a notification may be received that the authentication process is completed.
  • An indicia may be included on a website or email indicative of the user being authenticated.
  • FIG. 1 is an illustration of an exemplary system for service providers and application providers to provide telecommunication and online communications to users;
  • FIG. 2 is an illustration of an exemplary system for a service provider to perform authentication services for users;
  • FIG. 3 is an illustration of an exemplary website for a user to register for authentication for usage of online services, such as a website or email;
  • FIG. 4 is an illustration of an exemplary email communicated to a user during the authentication process;
  • FIG. 5 is a diagram of an exemplary interactive process for authenticating a user during the authentication process;
  • FIG. 6 is an illustration of an exemplary email for notifying a user that he or she has been authenticated by an authentication process;
  • FIG. 7 is an illustration of an exemplary webpage for verifying the authenticity of an email address associated with a user that has been authenticated;
  • FIG. 8 is a flow diagram of an exemplary process for authenticating a user;
  • FIG. 9 is an illustration of an exemplary website including an exemplary selectable authentication symbol for visitors of the website to view and select;
  • FIG. 10 is an illustration of an exemplary email including an exemplary selectable authentication symbol.
  • FIG. 1 is an illustration of an exemplary system 100 for service providers and application providers to provide telecommunication and online communications to users.
  • a service provider 102 may be a telecommunications service provider or other communications service provider.
  • Application providers 104 a - 104 n (collectively 104 ) may host or otherwise provide applications that users may access and utilize for a variety of purposes.
  • the service provider 102 may provide telecommunications services that users may access over a telecommunication network 106 and provide network services that users may access over a network 108 .
  • the telecommunications network 106 is a mobile telecommunications network.
  • the telecommunications network 106 may be any other telecommunications network, including the public switched telephone network (PSTN) or other telecommunications network.
  • the network 108 may be the Internet or other communications network.
  • the service provider 102 may provide authentication services to users of online services, such as websites and email accounts.
  • the service provider 102 may authenticate a user who chooses to be authenticated so that other users who access his or her website or receive emails from him or her are assured that those online activities are being conducted by the actual user 110.
  • the service provider 102 may associate an electronic message address, such as an email address, and an interactive address, such as a telephone number associated with a local telephone or mobile telephone.
  • the user 110 may communicate with the service provider 102 via a mobile phone 112 and computing device 114 via the telecommunication network 106 and network 108, respectively.
  • the mobile phone 112 communicates through a radio tower 116 .
  • the service provider 102 may communicate to an online email account (not shown) of the user 110 via data packets 118.
  • the communication by the service provider may include a message for the user 110 to access via the computing device 114. This message may include information that the user 110 uses to respond to a telephone call from the service provider 102.
  • the user 110 may respond to the telephone call with information contained in the message sent to the online account of the user 110.
  • the user 110 may be authenticated as being the owner of, or having access to and/or control of, both the email address and mobile phone 112.
  • the authentication process is described in greater detail further herein.
  • FIG. 2 is an illustration of an exemplary system 100 for a service provider to perform authentication services for users.
  • the service provider 102 may operate a web server 202 and a call server 204 .
  • the web server may include a processor 206 that executes software 208 .
  • the processor 206 may be in communication with memory 210 and input/output (I/O) unit 212 and storage unit 214 .
  • the storage unit 214 may store one or more databases 216 a - 216 n (collectively 216 ).
  • the databases 216 may include a calling name database (“CNAM”) and other database(s) that may include information associated with subscribers or users of the service provider 102 .
  • the databases 216 may include an authentication database (see TABLE I below) that stores information associated with users who are authenticated in accordance with the principles of the present invention.
  • the software 208 may be utilized to access other databases 216 and perform communications to users in accordance with the principles of the present invention.
  • the database may include information associated with a user who requests authentication via a website or other interface and may be stored in a server of a service provider or elsewhere.
  • the database may include information including an electronic message address (e.g., email address, text message address) and interactive communication address(es) (e.g., home phone number and mobile phone number).
  • the authentication database may be accessed by both the web server 202 and call server 204, where each may look up and write information used for the authentication process. For example, time stamps of when communications to the user's email account and telephone occur may be stored in the authentication database. It should be understood that other and/or different information may be included in the authentication database, including random codes for a user to respond to during an authentication telephone call to verify that the user is, in fact, human.
  • Call server 204 may include a processor 218 that executes software 220 .
  • the processor 218 may be in communication with memory 222 , I/O unit 224 , and storage unit 226 .
  • the storage unit 226 may store databases 228 a - 228 n (collectively 228 ).
  • the databases 228 may include information associated with subscribers of the service provider 102 .
  • the databases 228 a - 228 n may contain multiple tables within each database.
  • the information associated with the subscribers of the service provider 102 may include telephone numbers and caller ID names associated with the telephone numbers of the subscribers.
  • the software 220 may be utilized to access the databases 228 to look up telephone numbers and call the users.
  • the software 220 may include the Voxeo™ VoiceXML/IVR engine, which is a voice response system, to place calls and respond to responses by users, as understood in the art.
  • a communication link 229 may provide communications between the web server 202 and call server 204 to enable the processors 206 and 218 executing software 208 and 220, respectively, to communicate via the I/O units 212 and 224 to coordinate with one another in providing authentication services in accordance with the principles of the present invention.
  • a mail server (not shown) may be in communication with the web server 202 for performing email services to users. Alternatively, the web server 202 may perform email communication services.
  • a calling name server 230 may be in communication with the web server 202 via the network 108 .
  • the calling name server 230 may further be in communication with storage units 232 a - 232 n (collectively 232 ) that store databases 234 a - 234 n (collectively 234 ) and 236 a - 236 n (collectively 236 ), respectively.
  • the databases 234 and 236 may be calling name databases that are maintained by other service providers with their subscribers' information. It should be understood that there may be one or more CNAM servers 230 associated with each service provider and their subsidiaries and the web server 202 may interact with each of the CNAM servers 230 to access the CNAM databases 234 and 236 . It should be understood that access to the CNAM databases 234 and 236 may be provided by each of the service providers for a charge or for no charge depending upon sharing agreements of the CNAM databases and the contents stored therein.
  • An electronic number (“ENUM”) server 240 may also be in communication with the network 108 .
  • One ENUM database is managed by a company NeuStar®, as understood in the art.
  • the ENUM server 240 may be in communication with storage devices 242 a - 242 n that store databases 244 a - 244 n (collectively 244) and databases 246 a - 246 n (collectively 246) that store telephone number mapping information for service providers and subscribers.
  • the software 208 being executed by the processor 206 of the web server 202 may be used to host a website (see FIG. 3 ) to enable users to authenticate users who post websites and send email messages. It should be understood that users who use or provide other online services may be authenticated.
  • the software 208 may further operate to manage the authentication process, including the coordinating with the call server 204 in providing the authentication process.
  • Although the service provider 102 is shown to operate a web server 202 and call server 204, it should be understood that these servers are exemplary and that, depending on the type of communication being used to authenticate a user, the servers may be other types of servers, including instant messaging servers, text messaging servers, or any other types of communication servers in place of or in addition to the web server 202 and call server 204.
  • one or more of the servers may act as a controller for coordinating the authentication process as further described herein.
  • FIG. 3 is an illustration of an exemplary website 300 for a user to register for authentication of online services, such as a website or email.
  • a webpage displayed by a browser as understood in the art may include a number of text input fields for a user to enter information related to him or herself.
  • the text input fields may include a number of required, as shown with “*”, and optional input fields. It should be noted that these “required” input fields are for exemplary purposes only.
  • the input fields may include name 302, email address 304, mobile telephone number 306, and carrier name 308.
  • the email address and mobile telephone number are electronic message addresses. Other electronic message addresses, such as a paging address, may be utilized as well. As shown, the email address and the mobile telephone number are alternatives to one another.
  • the mobile telephone number enables a text message to be sent thereto and a carrier name (e.g., Sprint-Nextel) may be selected via a pull-down menu or otherwise.
  • the carrier is input because text messaging to subscribers of each carrier uses a different address.
  • a text message to a Sprint telephone number has the format of 8005551212@messaging.sprintpcs.com.
  • One embodiment enables the mobile phone number to be entered and the system may look up which carrier services the number and may determine the text message address for that carrier.
  • any electronic message address may be utilized in accordance with the principles of the present invention. Of course, if an email address is to be authenticated, then the email address is the most logical candidate of electronic message address to be used.
  • a telephone number text input field 310 is provided for a user to enter his or her telephone number.
  • the telephone number may be a home phone number, a mobile telephone number, Internet Protocol (IP) phone number, or other interactive communication address.
  • a caller ID name may be entered into a text input field 312 .
  • the caller ID name associated with the telephone number may be an exact caller ID name or a partial caller ID name and confirmed via the authentication system.
  • the authentication system has the ability to associate an online address, which may be set up without identification verification, with a real-world, physical device that a user owns, controls, and possesses. For example, the owner of an email address and telephone number has access and control of both and can therefore be authenticated via separate, yet corresponding, communications to each.
  • credit card number and expiration date text input fields 314 a and 314 b may be provided.
  • a link to an online payment service e.g., Paypal
  • a discount code text entry field 318 may be provided so that the user being authenticated does not have to pay money, but rather the third party pays the money for the authentication process.
  • a fee of $5.00, for example, may be charged.
  • If a third party pays for the authentication process, then a fee of $1.00, for example, may be charged to the third party, where the lower rate reflects the higher volume provided by the third party.
  • the user may also enter profile information in a profile region 320 of the webpage 300 .
  • the profile information may be helpful in allowing other users to confirm whether the authenticated user is the correct user. For example, an age input field 322, city input field 324, home page input field 326, profession input field 328, and comments input field 330 may be provided so that the user may allow others to confirm that this is indeed the correct user, as particular information may be unknown to an imposter.
  • the profile information is relatively non-descript in terms of providing personal information that can be used for locating a person, such as a home address.
  • the information entered in the authentication registration webpage 300 may be stored in a database 216 a ( FIG. 2 ) on the web server 202 for the service provider 102 . During the authentication process, this information may be accessed and used for communications to the user as described further herein. It should be understood that anyone with access to the Internet may access and use the system and methodologies described herein and that the users may not be limited to subscribers of a particular service provider.
  • FIG. 4 is an illustration of an exemplary email 400 communicated to a user during the authentication process.
  • an email message 402 from an authentication administrator, such as service provider 102, is communicated to the user at his or her email address (e.g., john_smith@hotmail.com) as entered in the email address text input field 304 on the authentication registration webpage 300 (FIG. 3).
  • the text message may include a personal identification number 404 or other code that may be alpha-numeric for entry into a communication device, such as a telephone.
  • a picture or other image may be sent in the email 400 that the user may use for responding to a telephone call during the authentication process. For example, an image showing an animal, such as an elephant, may be sent to the user and the user identifies the type of animal received in the email in response to a telephone call from the authentication system.
  • FIG. 5 is a diagram of an exemplary interactive process 500 for authenticating a user during the authentication process.
  • the devices may include a web server 502 , call server 504 , ENUM server 506 , CNAM 508 , user 510 who is online or using an email account, user phone 512 , and third-party user 514 . It should be understood that different and/or other contact points may be utilized in accordance with the principles of the present invention.
  • the process starts at step 516 , where a user 510 accesses the web server 502 .
  • the user 510 performs an authentication registration via the web server 502 of a service provider.
  • the authentication registration may be performed on a webpage, such as that shown in FIG. 3 , that allows the user 510 to enter an electronic message address (e.g., email address, text message address, or other electronic message address) and an interactive communication address (e.g., telephone number, IM address, and IP telephone address).
  • Other information as described with respect to FIG. 3 may be entered into the authentication registration webpage.
  • the web server 502 may email a message, including a personal identification number, code, or other indicia, such as an image, to the user 510 at his or her email account.
  • the message may be communicated to any other electronic message address as entered by the user.
  • the web server 502 may notify the call server 504 to initiate an authentication call.
  • the call server 504 may call the user phone 512 at step 520 .
  • This call may be placed within a time range or at a time specified on the email message to the user email account 510 .
  • the phone call may be made within one hour of the email being sent to the user 510 at his or her email account. It should be understood that a text message or other electronic communication to a different electronic message address may provide the same or similar functionality.
  • the call to the user at step 520 may be automated and ask for the personal identification number 404 ( FIG. 4 ) sent in the email message 400 .
  • the automated phone call may state, “Thank you for using Embarq's authentication services! Welcome to common sense. This is an automated call for John Smith. Please answer the 8-digit pin provided in the email we sent to John_Smith@hotmail.com.”
  • the user may respond via the user phone 512 to the call server 504 .
  • the response(s) may be performed by using a keypad of the user phone 512 or the user may speak into the user phone 512 .
  • the call server 504 may include a dual-tone, multiple frequency (“DTMF”) detector for receiving and determining the keys pressed on the user phone 512 that cause a dual-tone, multiple frequency (DTMF) signal to be communicated to the call server 504 .
  • the call server 504 may additionally and/or alternatively include a speech recognition system as understood in the art to receive a voice signal response from the user in responding to the question prompted to the user during the automated call at step 520 .
  • steps 520 and 522 may be performed to any electronic communication device that allows for an interactive response from a user so as to help ensure authenticity that the user is, in fact, who he or she claims to be. If the call at step 520 from the call server 504 is not answered, then the call server 504 may be configured to call the user at a later time, leave a message for the user that a scheduled call-back will be performed at a particular time, or give up after a time period and an email may be sent to the user to further attempt to schedule a call time.
  • the call server 504 in response to receiving the user response at step 522 , may communicate the response or information, such as an ASCII code representation of a verbal response or dual-tone, multiple frequency response from the user phone 512 , to the web server 502 at step 524 .
  • the web server 502 may confirm the PIN or other response information (e.g., animal name) at step 526 to determine whether the PIN, response code, or other response matches the PIN, code, or other indicia sent to the user 510 in the electronic message at step 518.
  • an email confirmation (see FIG. 6 ) may be sent to the user 510 at his or her email account indicating that the user has or has not been confirmed based on whether a match is determined at step 526 .
  • an authentication code may be sent to the user via an email, for example.
  • the user may post or place the authentication code onto a website, emails, or otherwise use in conjunction with online activities, so that other users may see the authentication code and feel secure that this user has been authenticated by a trusted authentication authority.
  • the authentication code may use the hypertext mark up language (HTML).
  • HTML hypertext mark up language
  • An image such as a logo of the authentication administrator (e.g., “Embarq Authentication Services,” associated with a graphical logo) may be posted or remotely accessed and displayed on another user's display on the user's webpage or email, for example.
  • a third-party user 514 may access a webpage of the user 510 .
  • the user's online webpage may be an online community webpage (e.g., webpage) myspace.com, homepage, or other online usage.
  • the third-party user 514 may receive an email from the user 510 having the authentication code placed therein.
  • the authentication code again, may provide the third-party user 514 with security in knowing that the user has been authenticated. For example, if a dean of a university sends out an email, students who receive the email may feel secure in that they know that the user is not another student sending out a prank email. Other numerous examples in which authentication of a user is desired are understood.
  • the third-party user 514 may verify the authentication of the user by clicking on the authentication code, represented as an image or otherwise, posted in the email or placed on the website. The user may be automatically directed to the web server 502 in response to clicking on the authentication code. Alternatively, the third-party user 514 may access the web server 502 to access a webpage (see FIG. 7 ) to perform the verification of the email address or other identifier of the user posted on a website or placed within an email or otherwise.
  • the web server 502 communicates an authentication verification code to the third-party user 514 to let the third-party user 514 know that the user whose email address or otherwise that the third-party user 514 is concerned about has been authenticated.
  • FIG. 6 is an illustration of an exemplary email 600 for notifying a user that he or she has been authenticated by an authentication process.
  • a message 602 may be communicated to the user indicating that the authentication process is complete after the electronic message address and electronic communication address controlled by the user have been used to authenticate the user.
  • the message may state, for example, “Congratulations. Your email address has been verified by our system as belonging to John Smith. Websites and visitors may visit “http://www.embarq.com/verify” to validate your email address belongs to you. This authentication will expire in six months. You may place the following authentication code on your websites and emails so others may verify your identity and email you from the web.”
  • the authentication code in the form of HTML or otherwise may be provided to the user. This code is to be unique with respect to the user so that other users attempting to verify the authentication of the user can do so.
  • FIG. 7 is an illustration of an exemplary webpage 700 for verifying the authenticity of an email address associated with a user that has been authenticated.
  • the webpage 700 may notify a third-party user that he or she is interfacing with a website/email authenticator.
  • a region 702 may request an email address, other electronic address, or other indicia to be entered into a text input field 704 .
  • the third-party user may enter John_Smith@hotmail.com into the text input field 704 .
  • the email address may automatically be posted into the text input field 704 or a process may automatically start to verify the authenticity of the user without the email address being posted on a text input field.
  • the third-party user may select a “submit” soft-button 706 to submit the email address entered into the text input field 704 .
  • Software which may operate as an authenticator, may be executed by a processor (e.g., processor 206 of FIG. 2 ) to look up in a database whether or not the email address entered into the text input field 704 corresponds to a particular user.
  • the webpage 700 may include another region 708 to show results of the authenticator.
  • the authenticator may notify the third-party user that the email address entered into the text input field 704 has been authenticated on a particular date. Further in the text field 712 , the authenticator may notify the third-party user how the authentication process performed the authentication and the reliability that the user is authentic (e.g., “high reliability”).
  • Another text field 714 may include profile information as entered by the user into the authentication registration webpage 300 ( FIG. 3 ). Such profile information may give added confidence to the third-party user that the person who was authenticated was indeed the actual person they were expecting.
  • FIG. 8 is a flow diagram of an exemplary process 800 for authenticating a user.
  • the process 800 starts at step 802 .
  • a message is sent to an electronic message address of a user wanting to become authenticated.
  • an interactive communication with the user is made requesting a response for at least a portion of the message sent to the user.
  • the portion of the message may be a PIN number that is being requested from the user.
  • the interactive communication may be performed via a telephone requesting that the user type the response into the keypad of the telephone or speak a response into the microphone of the telephone.
  • the interactive communication may be to an IP telephone, instant message address, or otherwise, and the user may respond as available from the respective technology.

Abstract

A method and system for verifying authenticity of an online usage of a user may include sending a message in an electronic communication to an electronic message address of a user, interactively communicating with the user a request for a response including at least a portion of the message sent to the user, and determining if a response to the request from the user matches at least a portion of the message sent to the user. The message may include a personal identification number used for verification. A certification link or authentication code may be provided to the user for posting on a website or within an email. The certification link or authentication code, optionally displaying an indicia, may enable other users to have confidence that the user whose website other users access or whose emails other users receive are authentic and not someone impersonating the user.

Description

    BACKGROUND
  • Online communities have become more prevalent in recent years. The online communities have developed into personal websites for individuals to present themselves to others. Social networking websites, such as myspace.com, are one example of an online community. Generally, these personal websites enable other users to interact by posting information and emailing the author of the website.
  • Problems that have developed in these online communities include identity misrepresentation for fun and mischief. For example, imposters may use another person's name and information to set up a website to misrepresent who the owner of the website actually is to disparage the actual person, embarrass the real person, draw attention to other websites for improper reasons, or other mischievous activity. More specifically, an imposter may set up a webpage and use a famous person's name and likeness (e.g., Tom Cruise), and promote a product, thereby making it look as if the famous person is endorsing the product when, in actuality, the endorsement is fraudulent. While this sort of activity may occur on an online community, it may also occur with other online activities, including websites for businesses. Furthermore, it is possible to create personal and business email accounts having the name of another in the email address so that emails can be sent to others for improper purposes (e.g., billclinton@hotmail.com).
  • A number of online applications have developed solutions to try and minimize the ability for online fraud to occur. One such online application is Paypal, which is an online payment system. To verify a user or depositor has a bank account, the Paypal online banking system requires that a user provides information for a real world bank account and the Paypal online banking system deposits a small amount of money into the real world bank account and requires that the customer verify that the money is deposited.
  • Another online application, called emigrantdirect.com, has customers fill out a form that provides a real world bank account. The emigrantdirect.com online banking system deposits two small amounts of money into the bank account and then the customer verifies the amounts that were deposited.
  • Another online application, ticketmaster.com, verifies that a user is human and not a web robot or web-bot. This system presents an image with a word and asks for the user to type in the word being displayed in the image. This type of system verifies that a human is using the website, but it does not authenticate who that user is.
  • While the above systems are helpful in ensuring that users of systems are human and have bank accounts, they fail to fully address authentication of users to avoid identity fraud by online community users.
    SUMMARY
  • To overcome the problems of online identity fraud, the principles of the present invention provide for a system and method for authenticating users of online services by associating an electronic message address with an interactive communication address. In one embodiment, the electronic message address is an email account and the interactive communication address is a telephone number.
  • One embodiment includes a method and system for authenticating a user of a service. The method may include maintaining a database on a network, where the database includes a name, electronic message address, and telephone number of a user. In a first electronic communication to an electronic message address associated with the user as stored in the database, a personal identification number may be sent. The user may be called at a telephone number associated with the user as stored in the database. The user may be queried for at least a portion of the personal identification number sent in the first electronic communication. A response code from the user in response to the query may be received. A confirmation that at least a portion of the personal identification number and response code match may be performed.
  • In another embodiment, a method and system for verifying authenticity of an online usage of a user may include sending a message in an electronic communication to an electronic message address of a user, interactively communicating with the user a request for a response including at least a portion of the message sent to the user, and determining if a response to the request from the user matches at least a portion of the message sent to the user. The message may include a personal identification number, other code, or image. The interactive communication may be a telephone call to the user. In addition, a certification link may be provided to the user for posting on a website or within an email to enable another user to select the communication link and have authentication information of the user be provided to the other user. Such authentication information may enable the other user to have confidence that the user whose website the other user is accessing or email the other user receives is authentic and not a misrepresentation of the user by another person impersonating the user.
  • Still yet, another embodiment may include a method and system for providing an authentication notice on a website or email. The method may include supplying an electronic message address and interactive communication address to an authentication authority. A message may be received from the authentication authority at the electronic message address. An interactive communication may be received from the authentication authority at the interactive communication address. The user may provide a response including at least a portion of the message received from the authentication authority in response to receiving the interactive communication from the authentication authority. A notification may be received that the authentication process is completed. An indicia may be included on a website or email indicative of the user being authenticated.
    BRIEF DESCRIPTION OF THE DRAWINGS
  • Illustrative embodiments of the present invention are described in detail below with reference to the attached drawing figures, which are incorporated by reference herein and wherein:
  • FIG. 1 is an illustration of an exemplary system for service providers and application providers to provide telecommunication and online communications to users;
  • FIG. 2 is an illustration of an exemplary system for a service provider to perform authentication services for users;
  • FIG. 3 is an illustration of an exemplary website for a user to register for authentication for usage of online services, such as a website or email;
  • FIG. 4 is an illustration of an exemplary email communicated to a user during the authentication process;
  • FIG. 5 is a diagram of an exemplary interactive process for authenticating a user during the authentication process;
  • FIG. 6 is an illustration of an exemplary email for notifying a user that he or she has been authenticated by an authentication process;
  • FIG. 7 is an illustration of an exemplary webpage for verifying the authenticity of an email address associated with a user that has been authenticated;
  • FIG. 8 is a flow diagram of an exemplary process for authenticating a user;
  • FIG. 9 is an illustration of an exemplary website including an exemplary selectable authentication symbol for visitors of the website to view and select; and
  • FIG. 10 is an illustration of an exemplary email including an exemplary selectable authentication symbol.
    DETAILED DESCRIPTIONS OF THE DRAWINGS
  • FIG. 1 is an illustration of an exemplary system 100 for service providers and application providers to provide telecommunication and online communications to users. A service provider 102 may be a telecommunications service provider or other communications service provider. Application providers 104 a-104 n (collectively 104) may host or otherwise provide applications that users may access and utilize for a variety of purposes. The service provider 102 may provide telecommunications services that users may access over a telecommunication network 106 and provide network services that users may access over a network 108. In one embodiment, the telecommunications network 106 is a mobile telecommunications network. Alternatively, the telecommunications network 106 may be any other telecommunications network, including the public switched telephone network (PSTN) or other telecommunications network. The network 108 may be the Internet or other communications network. In accordance with the principles of the present invention, the service provider 102 may provide authentication services to users of online services, such as websites and email accounts. In other words, the service provider 102 may authenticate a user who chooses to be authenticated so that other users who access his or her website or receive emails from him or her are assured that those online activities are being conducted by the actual user 110.
  • In authenticating the user 110, the service provider 102 may associate an electronic message address, such as an email address, and an interactive address, such as a telephone number associated with a local telephone or mobile telephone. For example, one embodiment enables the user 110 to communicate with the service provider 102 via a mobile phone 112 and computing device 114 via the telecommunication network 106 and network 108, respectively. The mobile phone 112 communicates through a radio tower 116. The service provider 102 may communicate with an online email account (not shown) of the user 110 via data packets 118. The communication by the service provider may include a message for the user 110 to access via the computing device 114. This message may include information that the user 110 uses to respond to a telephone call from the service provider 102. The user 110 may respond to the telephone call with information contained in the message sent to the online account of the user 110. In this way, the user 110 may be authenticated as being the owner of, or having access to and/or control of, both the email address and mobile phone 112. The authentication process is described in greater detail further herein.
  • FIG. 2 is an illustration of an exemplary system 100 for a service provider to perform authentication services for users. The service provider 102 may operate a web server 202 and a call server 204. The web server may include a processor 206 that executes software 208. The processor 206 may be in communication with memory 210 and input/output (I/O) unit 212 and storage unit 214. The storage unit 214 may store one or more databases 216 a-216 n (collectively 216). The databases 216 may include a calling name database (“CNAM”) and other database(s) that may include information associated with subscribers or users of the service provider 102. Additionally, the databases 216 may include an authentication database (see TABLE I below) that stores information associated with users who are authenticated in accordance with the principles of the present invention. The software 208 may be utilized to access other databases 216 and perform communications to users in accordance with the principles of the present invention.
  • TABLE I is an exemplary authentication database. The database may include information associated with a user who requests authentication via a website or other interface and may be stored in a server of a service provider or elsewhere. The database may include information including an electronic message address (e.g., email address, text message address) and interactive communication address(es) (e.g., home phone number and mobile phone number). The authentication database may be accessed by both the web server 202 and call server 204, where each may look up and write information used for the authentication process. For example, time stamps of when communications to the user's email account and telephone were made may be stored in the authentication database. It should be understood that other and/or different information may be included in the authentication database, including random codes for a user to respond to during an authentication telephone call to verify that the user is, in fact, human.
  • TABLE I
    Exemplary Authentication Database

| Parameters | Users | | | |
|---|---|---|---|---|
| First Name | John | Riki | Gregory | Sharon |
| Last Name | Smith | Smith | Smith | Smith |
| Caller ID Name | John Smith | Smith Riki | Gregory Smith | Sharon Smith |
| Email address | John_Smith@hotmail.com | Rsmith@gmail.com | gregorysmith@hotmail.com | sharonsmith@msn.com |
| Home Phone No | 555-758-6611 | 555-644-6262 | 555-478-4322 | 555-874-2743 |
| Mobile Phone No | 555-405-6886 | 555-644-6036 | 555-478-3243 | 555-874-2342 |
| Mobile Phone Carrier | Sprint | Embarq | AT&T | Sprint |
| Requested Time Stamp | 8/26/06 4:05 PM | 8/11/06 5:01 PM | 8/27/06 3:12 PM | 8/28/06 9:42 AM |
| Verified Time Stamp | 8/26/06 4:45 PM | 8/11/06 5:50 PM | 8/26/06 4:02 PM | 8/28/06 10:14 AM |
| Requestor IP Address | 207.142.131.248 | 168.251.192.15 | 208.132.121.448 | 318.232.124.234 |
| Discount Code | myspace1234 | yahoo7482 | | |
| Verified | Yes | Yes | Yes | Yes |
| Record Number | 123456 | 654315 | 654321 | 83423 |
| Profile Information | Attorney | Consultant | Actor | Engineer |
| Other | | | | |
  • Call server 204 may include a processor 218 that executes software 220. The processor 218 may be in communication with memory 222, I/O unit 224, and storage unit 226. The storage unit 226 may store databases 228 a-228 n (collectively 228). The databases 228 may include information associated with subscribers of the service provider 102. The databases 228 a-228 n may contain multiple tables within each database. The information associated with the subscribers of the service provider 102 may include telephone numbers and caller ID names associated with the telephone numbers of the subscribers. The software 220 may be utilized to access the databases 228 to look up telephone numbers and call the users. In addition, the software 220 may include the Voxeo™ VoiceXML/IVR engine, which is a voice response system, to place calls and respond to responses by users, as understood in the art.
  • A communication link 229 may provide communications between the web server 202 and call server 204 to enable the processors 206 and 218 executing software 208 and 220, respectively, to communicate via the I/O units 212 and 224 to coordinate with one another in providing authentication services in accordance with the principles of the present invention. A mail server (not shown) may be in communication with the web server 202 for performing email services to users. Alternatively, the web server 202 may perform email communication services.
  • A calling name server 230 may be in communication with the web server 202 via the network 108. The calling name server 230 may further be in communication with storage units 232 a-232 n (collectively 232) that store databases 234 a-234 n (collectively 234) and 236 a-236 n (collectively 236), respectively. The databases 234 and 236 may be calling name databases that are maintained by other service providers with their subscribers' information. It should be understood that there may be one or more CNAM servers 230 associated with each service provider and their subsidiaries and the web server 202 may interact with each of the CNAM servers 230 to access the CNAM databases 234 and 236. It should be understood that access to the CNAM databases 234 and 236 may be provided by each of the service providers for a charge or for no charge depending upon sharing agreements of the CNAM databases and the contents stored therein.
  • An electronic number (“ENUM”) server 240 may also be in communication with the network 108. One ENUM database is managed by the company NeuStar®, as understood in the art. The ENUM server 240 may be in communication with storage devices 242 a-242 n that store databases 244 a-244 n (collectively 244) and databases 246 a-246 n (collectively 246) that store telephone number mapping information for service providers and subscribers.
  • In operation, the software 208 being executed by the processor 206 of the web server 202 may be used to host a website (see FIG. 3) to enable users to authenticate users who post websites and send email messages. It should be understood that users who use or provide other online services may be authenticated. The software 208 may further operate to manage the authentication process, including coordinating with the call server 204 in providing the authentication process. Although the service provider 102 is shown to operate a web server 202 and call server 204, it should be understood that these servers are exemplary and that, depending on the type of communication being used to authenticate a user, the servers may be other types of servers, including instant messaging servers, text messaging servers, or any other types of communication servers in place of or in addition to the web server 202 and call server 204. In the event that other types of servers are utilized, one or more of the servers may act as a controller for coordinating the authentication process as further described herein.
  • FIG. 3 is an illustration of an exemplary website 300 for a user to register for authentication of online services, such as a website or email. A webpage displayed by a browser as understood in the art may include a number of text input fields for a user to enter information related to him or herself. The text input fields may include a number of required, as shown with “*”, and optional input fields. It should be noted that these “required” input fields are for exemplary purposes only. The input fields may include name 302, email address 304, mobile telephone number 306, and carrier name 308. The email address and mobile telephone number are electronic message addresses. Other electronic message addresses, such as a paging address, may be utilized as well. As shown, the email address and the mobile telephone number are alternatives to one another. The mobile telephone number enables a text message to be sent thereto and a carrier name (e.g., Sprint-Nextel) may be selected via a pull-down menu or otherwise. The carrier is input because text messaging to subscribers of each carrier uses a different address. For example, a text message to a Sprint telephone number has the format of 8005551212@messaging.sprintpcs.com. One embodiment enables the mobile phone number to be entered and the system may look up which carrier services the number and may determine the text message address for that carrier. It should be understood that any electronic message address may be utilized in accordance with the principles of the present invention. Of course, if an email address is to be authenticated, then the email address is the most logical candidate of electronic message address to be used.
  • A telephone number text input field 310 is provided for a user to enter his or her telephone number. The telephone number may be a home phone number, a mobile telephone number, Internet Protocol (IP) phone number, or other interactive communication address. For example, rather than using a telephone number, an instant message (IM) address may be entered. If a telephone number is used, then a caller ID name may be entered into a text input field 312. The caller ID name associated with the telephone number may be an exact caller ID name or a partial caller ID name and confirmed via the authentication system. No matter what interactive communication address is used, the authentication system has the ability to associate an online address, which may be set up without identification verification, with a real-world, physical device that a user owns, controls, and possesses. For example, the owner of an email address and telephone number has access and control of both and can therefore be authenticated via separate, yet corresponding, communications to each.
  • In addition, if the authentication service is to cost money, then a credit card number and expiration dates text input fields 314 a and 314 b may be provided. Alternatively, a link to an online payment service, (e.g., Paypal) may be provided. If the authentication service is to be paid for by a service provider 102 (FIG. 1) or application provider 104 (e.g., myspace.com), then a discount code text entry field 318 may be provided so that the user being authenticated does not have to pay money, but rather the third party pays the money for the authentication process. In one embodiment, if the user pays for the authentication, then a fee of $5.00, for example, may be charged. Alternatively, if a third party pays for the authentication process, then a fee of $1.00, for example, may be charged to the third party, where the lower rate reflects the higher volume provided by the third party.
  • In addition to the contact information that is used by the authentication system for authenticating a user, the user may also enter profile information in a profile region 320 of the webpage 300. The profile information may be helpful in allowing other users to confirm whether the authenticated user is the correct user. For example, an age input field 322, city input field 324, home page input field 326, profession input field 328, and comments input field 330 may be provided so that the user may allow others to confirm that this is indeed the correct user as particular information may be unknown to an imposter. To avoid personal security problems, the profile information is relatively non-descript in terms of providing personal information that can be used for locating a person, such as a home address.
  • The information entered in the authentication registration webpage 300 may be stored in a database 216 a (FIG. 2) on the web server 202 for the service provider 102. During the authentication process, this information may be accessed and used for communications to the user as described further herein. It should be understood that anyone with access to the Internet may access and use the system and methodologies described herein and that the users may not be limited to subscribers of a particular service provider.
  • FIG. 4 is an illustration of an exemplary email 400 communicated to a user during the authentication process. As shown, an email message 402 communicated from an authentication administrator, such as service provider 102, is communicated to the user at his or her email address (e.g., john_smith@hotmail.com) as entered in the email address text input field 304 on the authentication registration webpage 300 (FIG. 3). The text message may include a personal identification number 404 or other code that may be alpha-numeric for entry into a communication device, such as a telephone. Alternatively, rather than providing a personal identification number or other code, a picture or other image may be sent in the email 400 that the user may use for responding to a telephone call during the authentication process. For example, an image showing an animal, such as an elephant, may be sent to the user and the user identifies the type of animal received in the email in response to a telephone call from the authentication system.
  • FIG. 5 is a diagram of an exemplary interactive process 500 for authenticating a user during the authentication process. As shown, a number of different devices and communication points are provided. The devices may include a web server 502, call server 504, ENUM server 506, CNAM 508, user 510 who is online or using an email account, user phone 512, and third-party user 514. It should be understood that different and/or other contact points may be utilized in accordance with the principles of the present invention.
  • Continuing with FIG. 5, the process starts at step 516, where a user 510 accesses the web server 502. At step 516, the user 510 performs an authentication registration via the web server 502 of a service provider. The authentication registration may be performed on a webpage, such as that shown in FIG. 3, that allows the user 510 to enter an electronic message address (e.g., email address, text message address, or other electronic message address) and an interactive communication address (e.g., telephone number, IM address, and IP telephone address). Other information as described with respect to FIG. 3 may be entered into the authentication registration webpage. At step 518, the web server 502 may email a message, including a personal identification number, code, or other indicia, such as an image, to the user 510 at his or her email account. Alternatively, the message may be communicated to any other electronic message address as entered by the user.
  • At step 519, the web server 502 may notify the call server 504 to initiate an authentication call. In response, the call server 504 may call the user phone 512 at step 520. This call may be placed within a time range or at a time specified on the email message to the user email account 510. For example, the phone call may be made within one hour of the email being sent to the user 510 at his or her email account. It should be understood that a text message or other electronic communication to a different electronic message address may provide the same or similar functionality.
  • The call to the user at step 520 may be automated and ask for the personal identification number 404 (FIG. 4) sent in the email message 400. Alternatively, any other information that may be communicated in an email or other electronic format message to the user may be requested. In one embodiment, the automated phone call may state, “Thank you for using Embarq's authentication services! Welcome to common sense. This is an automated call for John Smith. Please answer the 8-digit pin provided in the email we sent to John_Smith@hotmail.com. At step 522, the user may respond via the user phone 512 to the call server 504. The response(s) may be performed by using a keypad of the user phone 512 or the user may speak into the user phone 512. During the call, to provide additional security, the user may be asked to enter or speak random or non-random information, such as ‘please press the keys corresponding to the following letters “‘A Z G F.”’ The call server 504 may include a dual-tone, multiple frequency (“DTMF”) detector for receiving and determining the keys pressed on the user phone 512 that cause a dual-tone, multiple frequency (DTMF) signal to be communicated to the call server 504. The call server 504 may additionally and/or alternatively include a speech recognition system as understood in the art to receive a voice signal response from the user in responding to the question prompted to the user during the automated call at step 520. It should be understood that steps 520 and 522 may be performed to any electronic communication device that allows for an interactive response from a user so as to help ensure authenticity that the user is, in fact, who he or she claims to be. 
  • If the call at step 520 from the call server 504 is not answered, then the call server 504 may be configured to call the user at a later time, leave a message for the user that a scheduled call-back will be performed at a particular time, or give up after a time period and an email may be sent to the user to further attempt to schedule a call time.
  • The call server 504, in response to receiving the user response at step 522, may communicate the response or information, such as an ASCII code representation of a verbal response or dual-tone, multiple frequency response from the user phone 512, to the web server 502 at step 524. The web server 502 may confirm the PIN or other response information (e.g., animal name) at step 526 to determine whether the PIN, response code or otherwise matches the PIN code or otherwise sent to the user 510 in the electronic message at step 518. At step 528, an email confirmation (see FIG. 6) may be sent to the user 510 at his or her email account indicating that the user has or has not been confirmed based on whether a match is determined at step 526. If confirmed, an authentication code may be sent to the user via an email, for example. At step 530, the user may post or place the authentication code onto a website, emails, or otherwise use it in conjunction with online activities, so that other users may see the authentication code and feel secure that this user has been authenticated by a trusted authentication authority. In one embodiment, the authentication code may use the hypertext markup language (HTML). An image, such as a logo of the authentication administrator (e.g., “Embarq Authentication Services,” associated with a graphical logo) may be posted or remotely accessed and displayed on another user's display on the user's webpage or email, for example.
  • At step 532, a third-party user 514 may access a webpage of the user 510. For example, the user's online webpage may be an online community webpage (e.g., a myspace.com webpage), homepage, or other online usage. Alternatively, the third-party user 514 may receive an email from the user 510 having the authentication code placed therein. The authentication code, again, may provide the third-party user 514 with security in knowing that the user has been authenticated. For example, if a dean of a university sends out an email, students who receive the email may feel secure in that they know that the user is not another student sending out a prank email. Other numerous examples in which authentication of a user is desired are understood. At step 534, the third-party user 514 may verify the authentication of the user by clicking on the authentication code, represented as an image or otherwise, posted in the email or placed on the website. The user may be automatically directed to the web server 502 in response to clicking on the authentication code. Alternatively, the third-party user 514 may access the web server 502 to access a webpage (see FIG. 7) to perform the verification of the email address or other identifier of the user posted on a website or placed within an email or otherwise. At step 536, the web server 502 communicates an authentication verification code to the third-party user 514 to let the third-party user 514 know that the user whose email address or otherwise that the third-party user 514 is concerned about has been authenticated.
  • FIG. 6 is an illustration of an exemplary email 600 for notifying a user that he or she has been authenticated by an authentication process. As shown, a message 602 may be communicated to the user indicating that the authentication process is complete after the electronic message address and electronic communication address controlled by the user have been used to authenticate the user. The message may state, for example, “Congratulations. Your email address has been verified by our system as belonging to John Smith. Websites and visitors may visit “http://www.embarq.com/verify” to validate your email address belongs to you. This authentication will expire in six months. You may place the following authentication code on your websites and emails so others may verify your identity and email you from the web.”
  • Again, the authentication code in the form of HTML or otherwise may be provided to the user. This code is to be unique with respect to the user so that other users attempting to verify the authentication of the user can do so.
  • FIG. 7 is an illustration of an exemplary webpage 700 for verifying the authenticity of an email address associated with a user that has been authenticated. The webpage 700 may notify a third-party user that he or she is interfacing with a website/email authenticator. On the website 700, a region 702 may request an email address, other electronic address, or other indicia to be entered into a text input field 704. For example, the third-party user may enter John_Smith@hotmail.com into the text input field 704. Alternatively, if the third-party user selects the authentication code, the email address may automatically be posted into the text input field 704 or a process may automatically start to verify the authenticity of the user without the email address being posted on a text input field. The third-party user may select a “submit” soft-button 706 to submit the email address entered into the text input field 704. Software, which may operate as an authenticator, may be executed by a processor (e.g., processor 206 of FIG. 2) to look up in a database whether or not the email address entered into the text input field 704 corresponds to a particular user.
  • The webpage 700 may include another region 708 to show results of the authenticator. As shown in a text field 710, the authenticator may notify the third-party user that the email address entered into the text input field 704 has been authenticated on a particular date. Further in the text field 712, the authenticator may notify the third-party user how the authentication process performed the authentication and the reliability that the user is authentic (e.g., “high reliability”). Another text field 714 may include profile information as entered by the user into the authentication registration webpage 300 (FIG. 3). Such profile information may give added confidence to the third-party user that the person who was authenticated was indeed the actual person they were expecting.
  • FIG. 8 is a flow diagram of an exemplary process 800 for authenticating a user. The process 800 starts at step 802. At step 804, a message is sent to an electronic message address of a user wanting to become authenticated. At step 806, an interactive communication with the user is made requesting a response for at least a portion of the message sent to the user. For example, the portion of the message may be a PIN number that is being requested from the user. The interactive communication may be performed via a telephone requesting that the user type the response into the keypad of the telephone or speak a response into the microphone of the telephone. Alternatively, the interactive communication may be to an IP telephone, instant message address, or otherwise, and the user may respond as available from the respective technology. At step 808, a determination is made if the response from the user matches the portion of the message for which the system requested. For example, a comparison of the response to the PIN number sent to the user in an email message may be performed. Alternatively and/or additionally, a comparison of another code, image, or otherwise may be performed. In one embodiment, more than one portion of the message may be requested from the user to improve security. Other types of questions may be asked of the user to ensure that the user is, in fact, human, and has a personal knowledge of facts unknown to anybody other than that particular user. The process ends at step 810.
  • The previous detailed description is of a small number of embodiments for implementing the invention and is not intended to be limiting in scope. One of skill in this art will immediately envisage the methods and variations used to implement this invention in other areas than those described in detail. The following claims set forth a number of the embodiments of the invention disclosed with greater particularity.
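The server-side checks implied by steps 518 to 536 and process 800, as an added Python sketch that is not code from the patent or from Embarq: PIN issue, the spoken-letter keypad challenge, the match at step 526, and the third-party lookup of FIG. 7. The retry limit, the keyed MAC over the PIN, the 182-day reading of "six months" and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Letter groups on a standard telephone keypad.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_KEY = {ch: key for key, group in KEYPAD.items() for ch in group}

PIN_DIGITS = 8                    # the sample call script asks for an 8-digit PIN
PIN_TTL = 60 * 60                 # page example: call within one hour of the email
CODE_TTL = 182 * 24 * 60 * 60     # "expire in six months", taken here as 182 days
MAX_ATTEMPTS = 3                  # assumption: the page sets no retry limit
SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment MAC key


def letters_to_dtmf(letters):
    """Keys that answer a spoken letter prompt, e.g. 'A Z G F' -> '2943'."""
    return "".join(LETTER_TO_KEY[c] for c in letters.upper() if c in LETTER_TO_KEY)


def _tag(value):
    # A short PIN cannot be protected by a plain hash; with a keyed MAC a
    # database dump without SERVER_KEY does not reveal it.
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).digest()


def _digits(dtmf):
    """Drop '#', '*' and anything else the DTMF detector may pass through."""
    return "".join(c for c in dtmf if c in "0123456789")


class Enrollment:
    """One user's state between the email (step 518) and the match (step 526)."""

    def __init__(self, email, now=None):
        self.email = email
        self.issued_at = time.time() if now is None else now
        self.attempts = 0
        self.pin_tag = None
        self.challenge = None
        self.verified = False

    def issue_pin(self):
        """Return the PIN to email; only its MAC stays on the server."""
        pin = "".join(secrets.choice("0123456789") for _ in range(PIN_DIGITS))
        self.pin_tag = _tag(pin)
        return pin

    def new_challenge(self, length=4):
        """Random letters read out during the call (the 'A Z G F' prompt)."""
        letters = sorted(LETTER_TO_KEY)
        self.challenge = "".join(secrets.choice(letters) for _ in range(length))
        return self.challenge

    def check(self, dtmf_pin, dtmf_challenge, now=None):
        """Step 526: compare the keyed-in response with what was sent."""
        now = time.time() if now is None else now
        if self.pin_tag is None or self.challenge is None:
            return "rejected"          # nothing outstanding, or already used
        if now - self.issued_at > PIN_TTL:
            return "expired"
        if self.attempts >= MAX_ATTEMPTS:
            return "locked"
        self.attempts += 1
        # Constant-time comparisons so timing does not leak partial matches.
        pin_ok = hmac.compare_digest(_tag(_digits(dtmf_pin)), self.pin_tag)
        chal_ok = hmac.compare_digest(_digits(dtmf_challenge),
                                      letters_to_dtmf(self.challenge))
        if pin_ok and chal_ok:
            self.pin_tag = None        # single use
            self.verified = True
            return "match"
        return "mismatch"


class Registry:
    """Lookup behind the verification page of FIG. 7 (steps 528 to 536)."""

    def __init__(self):
        self._by_email = {}

    def certify(self, enrollment, now=None):
        if not enrollment.verified:
            raise ValueError("no confirmed match for this enrollment")
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(16)   # unique per user, unguessable
        self._by_email[enrollment.email.lower()] = (code, now)
        return code

    def verify(self, email, now=None):
        now = time.time() if now is None else now
        record = self._by_email.get(email.strip().lower())
        if record is None:
            return "not authenticated"
        return "authenticated" if now - record[1] <= CODE_TTL else "lapsed"
```

The one-hour window and attempt cap bound how long an intercepted email stays useful and how many guesses a caller gets against the 8-digit space.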

Claims (25)

1. A method for authenticating a user of an online service, said method comprising:
accessing a database on a network, the database including a name, electronic message address, and a telephone number of a user;
sending, in a first electronic communication to an electronic message address associated with the user as stored in the database, a personal identification number;
placing a first call to the user at a telephone number associated with the user as stored in the database;
in response to receiving no answer to the first call at the telephone number associated with the user, leaving a message informing the user of a particular time for a scheduled call-back and placing a second call to the user at the telephone number associated with the user at the particular time;
in response to the user answering at least one of the calls, requesting from the user at least a portion of the personal identification number in the first electronic communication to the user;
receiving a response code from the user in response to the request;
confirming a match of at least a portion of the personal identification number and response code; and
determining that the user is authentic based on confirming a match of at least a portion of the personal identification number and response code.
2. The method according to claim 1, further comprising sending a verification code in a second electronic communication to the electronic message address.
3. The method according to claim 1, wherein sending a first electronic communication to an electronic message address includes sending an email.
4. The method according to claim 1, wherein sending a first electronic communication to an electronic address includes sending one of a text message and an instant message.
5. The method according to claim 1, wherein receiving includes receiving a signal in the form of a dual-tone multiple frequency.
6. The method according to claim 1, wherein receiving includes receiving a signal in the form of a voice signal.
7. The method according to claim 1, wherein receiving includes receiving a signal in the form of an ASCII text.
8. The method according to claim 1, further comprising providing users with an electronic input form for entry of user information for use in performing an authentication, the input form including name, electronic message address, and telephone number text entry fields.
9. The method according to claim 8, wherein providing users with an electronic input form includes providing a caller ID text entry field.
10. The method according to claim 9, further comprising verifying that a caller ID received from a user matches at least in part a caller ID associated with the telephone number.
11. The method according to claim 1, further comprising providing a certification link to the user in response to confirming a match of at least a portion of the personal identification number and response code.
12. The method according to claim 11, wherein providing a communication link enables the user to include the communication link on a website.
13. The method according to claim 1, further comprising:
prompting the user with random information; and
confirming that the user submits the random information in response to the prompt.
14. A system for authenticating a user of an online service, such system comprising:
a database in communication with a network, the database including a name, electronic message address, and telephone number of the user; and
at least one processor executing software, said at least one processor in communication with said database and the software configured to:
access the database;
send a personal identification number in a first electronic communication to an electronic message address associated with the user as stored in the database;
place a first call to the user at a telephone number associated with the user as stored in the database;
in response to receiving no answer to the first call at the telephone number associated with the user, leave a message informing the user of a particular time for a scheduled call-back and place a second call to the user at the telephone number associated with the user at the scheduled call-back time;
in response to the user answering at least one of the calls, request from the user at least a portion of the personal identification number sent in the first electronic communication to the user;
receive a response code from the user in response to the request;
confirm a match of at least a portion of the personal identification number and response code; and
determine that the user is authentic based on confirming a match of at least a portion of the personal identification number and response code.
15. The system according to claim 14, wherein the software is further configured to send a verification code in a second electronic communication to the electronic message address.
16. The system according to claim 14, wherein the electronic message address is an email address.
17. The system according to claim 14, wherein the electronic message address is at least one of a text message address and an instant message address.
18. The system according to claim 14, wherein the software is configured to receive the code in the form of a dual-tone multiple frequency.
19. The system according to claim 14, wherein the software is further configured to receive the verification code as a signal in the form of a voice signal.
20. The system according to claim 14, wherein the software is further configured to provide users with an electronic input form for entry of user information for use in performing an authentication, the electronic input form including name, electronic message address, and telephone number text entry fields.
21. The system according to claim 20, wherein the software is further configured to provide users with an electronic input form further including providing a caller ID text entry field.
22. The system according to claim 21, wherein the software is further configured to verify that a caller ID received from a user at least in part matches a caller ID associated with the telephone number.
23. The system according to claim 14, wherein the software is further configured to provide a certification link to the user in response to confirming a match of at least a portion of the personal identification number and response code.
24. The system according to claim 14, wherein the software is further configured to provide a communication link that enables a user to include the communication link on a website or email.
25. The system according to claim 14, wherein the software is further configured to:
prompt the user with random information; and
confirm that the user submits the random information in response to the prompt.
US13/555,999 2006-09-14 2012-07-23 System and Method for Authenticating Users of Online Services Abandoned US20120288071A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/555,999 US20120288071A1 (en) 2006-09-14 2012-07-23 System and Method for Authenticating Users of Online Services

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/521,208 US8260862B2 (en) 2006-09-14 2006-09-14 System and method for authenticating users of online services
US13/555,999 US20120288071A1 (en) 2006-09-14 2012-07-23 System and Method for Authenticating Users of Online Services

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/521,208 Continuation US8260862B2 (en) 2006-09-14 2006-09-14 System and method for authenticating users of online services

Publications (1)

Publication Number Publication Date
US20120288071A1 true US20120288071A1 (en) 2012-11-15

Family

ID=39190198

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/521,208 Active 2029-03-29 US8260862B2 (en) 2006-09-14 2006-09-14 System and method for authenticating users of online services
US13/555,999 Abandoned US20120288071A1 (en) 2006-09-14 2012-07-23 System and Method for Authenticating Users of Online Services

Country Status (1)

Country Link
US (2) US8260862B2 (en)

Also Published As

Publication number Publication date
US20080072294A1 (en) 2008-03-20
US8260862B2 (en) 2012-09-04

Legal Events

Date Code Title Description
AS Assignment

Owner name: EMBARQ HOLDINGS COMPANY, LLC, COLORADO

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CHATTERJEE, KOUSHIK;REEL/FRAME:028773/0319

Effective date: 20060911

Owner name: CENTURYLINK INTELLECTUAL PROPERTY LLC, COLORADO

Free format text: CHANGE OF NAME;ASSIGNOR:EMBARQ HOLDINGS COMPANY, LLC;REEL/FRAME:028773/0468

Effective date: 20120323

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION